Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(68)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: src/effects/SkTableColorFilter.cpp

Issue 604873004: Fix SkTableColorFilter deserialization validation. (Closed) Base URL: https://skia.googlesource.com/skia.git@master
Patch Set: Increase buffer size in test Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | tests/SerializationTest.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 1
2 #include "SkBitmap.h" 2 #include "SkBitmap.h"
3 #include "SkTableColorFilter.h" 3 #include "SkTableColorFilter.h"
4 #include "SkColorPriv.h" 4 #include "SkColorPriv.h"
5 #include "SkReadBuffer.h" 5 #include "SkReadBuffer.h"
6 #include "SkWriteBuffer.h" 6 #include "SkWriteBuffer.h"
7 #include "SkUnPreMultiply.h" 7 #include "SkUnPreMultiply.h"
8 #include "SkString.h" 8 #include "SkString.h"
9 9
10 class SkTable_ColorFilter : public SkColorFilter { 10 class SkTable_ColorFilter : public SkColorFilter {
(...skipping 180 matching lines...) Expand 10 before | Expand all | Expand 10 after
191 if (!buffer.validate(packedSize <= sizeof(packedStorage))) { 191 if (!buffer.validate(packedSize <= sizeof(packedStorage))) {
192 return NULL; 192 return NULL;
193 } 193 }
194 if (!buffer.readByteArray(packedStorage, packedSize)) { 194 if (!buffer.readByteArray(packedStorage, packedSize)) {
195 return NULL; 195 return NULL;
196 } 196 }
197 197
198 uint8_t unpackedStorage[4*256]; 198 uint8_t unpackedStorage[4*256];
199 size_t unpackedSize = SkPackBits::Unpack8(packedStorage, packedSize, unpacke dStorage); 199 size_t unpackedSize = SkPackBits::Unpack8(packedStorage, packedSize, unpacke dStorage);
200 // now check that we got the size we expected 200 // now check that we got the size we expected
201 if (!buffer.validate(unpackedSize != count*256)) { 201 if (!buffer.validate(unpackedSize == count*256)) {
202 return NULL; 202 return NULL;
203 } 203 }
204 204
205 const uint8_t* a = NULL; 205 const uint8_t* a = NULL;
206 const uint8_t* r = NULL; 206 const uint8_t* r = NULL;
207 const uint8_t* g = NULL; 207 const uint8_t* g = NULL;
208 const uint8_t* b = NULL; 208 const uint8_t* b = NULL;
209 const uint8_t* ptr = unpackedStorage; 209 const uint8_t* ptr = unpackedStorage;
210 210
211 if (flags & kA_Flag) { 211 if (flags & kA_Flag) {
(...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after
470 SkColorFilter* SkTableColorFilter::CreateARGB(const uint8_t tableA[256], 470 SkColorFilter* SkTableColorFilter::CreateARGB(const uint8_t tableA[256],
471 const uint8_t tableR[256], 471 const uint8_t tableR[256],
472 const uint8_t tableG[256], 472 const uint8_t tableG[256],
473 const uint8_t tableB[256]) { 473 const uint8_t tableB[256]) {
474 return SkNEW_ARGS(SkTable_ColorFilter, (tableA, tableR, tableG, tableB)); 474 return SkNEW_ARGS(SkTable_ColorFilter, (tableA, tableR, tableG, tableB));
475 } 475 }
476 476
477 SK_DEFINE_FLATTENABLE_REGISTRAR_GROUP_START(SkTableColorFilter) 477 SK_DEFINE_FLATTENABLE_REGISTRAR_GROUP_START(SkTableColorFilter)
478 SK_DEFINE_FLATTENABLE_REGISTRAR_ENTRY(SkTable_ColorFilter) 478 SK_DEFINE_FLATTENABLE_REGISTRAR_ENTRY(SkTable_ColorFilter)
479 SK_DEFINE_FLATTENABLE_REGISTRAR_GROUP_END 479 SK_DEFINE_FLATTENABLE_REGISTRAR_GROUP_END
OLDNEW
« no previous file with comments | « no previous file | tests/SerializationTest.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698